No, it's not. To encrypt data between two parties who don't know each other, both sides have to agree on a key. There is no protocol that does that securely in the presence of a man in the middle without a "tiebreaker"; the tiebreaker SSL PKI uses is certificates.
"eavesdroppers who don't have the ability to modify the stream" are a nice fairytale, but they don't really exist in practice, with current network protocols. DNSSEC might change this, once it becomes universal.
What about Firesheep users? Surely there are many people who find it a lot easier to just capture some WiFi traffic via libpcap, WireShark or the like than to set up a fake WiFi access point, poison a DNS cache or mount other such attacks that would allow them to actually modify traffic.
Why are we talking about defenses that are defeated by just a couple lines of code? Firesheep could use pcap_write in addition to pcap_loop and redirect connections. What's the point of a defense that breaks Firesheep 1.0 only to fall to Firesheep 2.0?
Given the recent EFF story about AT&T shunting all their traffic through NSA computers, I would say it most certainly exists in practice. Basic encryption with no authentication doesn't hold up at all to directed attacks, but it would definitely help with big siphoning attacks that are actually happening right now.
MITM attacks don't have to be directed. It's not technically challenging to mass-MITM a channel --- but you probably wouldn't do that, because you can just pick "interesting" connections (like, to Google Mail) to intercept.